mirror of
https://github.com/zulip/zulip.git
synced 2025-10-30 03:23:50 +00:00
puppet: Rename puppet/zulip_ops to puppet/kandra.
This makes for easier tab-completion, and also is a bit more explicit about the expected consumer.
This commit is contained in:
Alex Vandiver
committed by
Tim Abbott
Tim Abbott
parent
f4ad102d39
commit
b23d90ed62
@@ -193,7 +193,7 @@ want to choose in the list of includes in [the main manifest for the
|
|||||||
default all-in-one Zulip server][standalone.pp], though it's also
|
default all-in-one Zulip server][standalone.pp], though it's also
|
||||||
possible to subclass some of the lower-level manifests defined in that
|
possible to subclass some of the lower-level manifests defined in that
|
||||||
directory if you want to customize. A good example of doing this is
|
directory if you want to customize. A good example of doing this is
|
||||||
in the [zulip_ops Puppet configuration][zulipchat-puppet] that we use
|
in the [kandra Puppet configuration][zulipchat-puppet] that we use
|
||||||
as part of managing chat.zulip.org and zulip.com.
|
as part of managing chat.zulip.org and zulip.com.
|
||||||
|
|
||||||
### Using Zulip with Amazon RDS as the database
|
### Using Zulip with Amazon RDS as the database
|
||||||
@@ -498,7 +498,7 @@ that your Zulip server sits at `https://10.10.10.10:443`; see
|
|||||||
|
|
||||||
[nginx-proxy-longpolling-config]: https://github.com/zulip/zulip/blob/main/puppet/zulip/files/nginx/zulip-include-common/proxy_longpolling
|
[nginx-proxy-longpolling-config]: https://github.com/zulip/zulip/blob/main/puppet/zulip/files/nginx/zulip-include-common/proxy_longpolling
|
||||||
[standalone.pp]: https://github.com/zulip/zulip/blob/main/puppet/zulip/manifests/profile/standalone.pp
|
[standalone.pp]: https://github.com/zulip/zulip/blob/main/puppet/zulip/manifests/profile/standalone.pp
|
||||||
[zulipchat-puppet]: https://github.com/zulip/zulip/tree/main/puppet/zulip_ops/manifests
|
[zulipchat-puppet]: https://github.com/zulip/zulip/tree/main/puppet/kandra/manifests
|
||||||
|
|
||||||
### Apache2 configuration
|
### Apache2 configuration
|
||||||
|
|
||||||
|
|||||||
@@ -272,7 +272,7 @@ the next section for details.
|
|||||||
### Nagios configuration
|
### Nagios configuration
|
||||||
|
|
||||||
The complete Nagios configuration (sans secret keys) used to
|
The complete Nagios configuration (sans secret keys) used to
|
||||||
monitor zulip.com is available under `puppet/zulip_ops` in the
|
monitor zulip.com is available under `puppet/kandra` in the
|
||||||
Zulip Git repository (those files are not installed in the release
|
Zulip Git repository (those files are not installed in the release
|
||||||
tarballs).
|
tarballs).
|
||||||
|
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ To add a new queue processor:
|
|||||||
The queue will automatically be added to the list of queues tracked by
|
The queue will automatically be added to the list of queues tracked by
|
||||||
`scripts/nagios/check-rabbitmq-consumers`, so Nagios can properly
|
`scripts/nagios/check-rabbitmq-consumers`, so Nagios can properly
|
||||||
check whether a queue processor is running for your queue. You still
|
check whether a queue processor is running for your queue. You still
|
||||||
need to update the sample Nagios configuration in `puppet/zulip_ops`
|
need to update the sample Nagios configuration in `puppet/kandra`
|
||||||
manually.
|
manually.
|
||||||
|
|
||||||
### Publishing events into a queue
|
### Publishing events into a queue
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ This script just checks the contents of a file. The forwarding test
|
|||||||
itself lives in api/integrations/zephyr/check-mirroring and should be
|
itself lives in api/integrations/zephyr/check-mirroring and should be
|
||||||
run out of cron.
|
run out of cron.
|
||||||
|
|
||||||
See puppet/zulip_ops/files/cron.d/zephyr-mirror for the crontab details.
|
See puppet/kandra/files/cron.d/zephyr-mirror for the crontab details.
|
||||||
"""
|
"""
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
class zulip_ops::apache {
|
class kandra::apache {
|
||||||
$apache_packages = [# Needed to run Apache with WSGI
|
$apache_packages = [# Needed to run Apache with WSGI
|
||||||
'apache2',
|
'apache2',
|
||||||
'libapache2-mod-wsgi',
|
'libapache2-mod-wsgi',
|
||||||
@@ -28,7 +28,7 @@ class zulip_ops::apache {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
source => 'puppet:///modules/zulip_ops/apache/ports.conf',
|
source => 'puppet:///modules/kandra/apache/ports.conf',
|
||||||
notify => Service['apache2'],
|
notify => Service['apache2'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1,15 +1,15 @@
|
|||||||
class zulip_ops::app_frontend {
|
class kandra::app_frontend {
|
||||||
include zulip::app_frontend_base
|
include zulip::app_frontend_base
|
||||||
include zulip::profile::memcached
|
include zulip::profile::memcached
|
||||||
include zulip::profile::rabbitmq
|
include zulip::profile::rabbitmq
|
||||||
include zulip::postfix_localmail
|
include zulip::postfix_localmail
|
||||||
include zulip::static_asset_compiler
|
include zulip::static_asset_compiler
|
||||||
include zulip::hooks::sentry
|
include zulip::hooks::sentry
|
||||||
include zulip_ops::app_frontend_monitoring
|
include kandra::app_frontend_monitoring
|
||||||
|
|
||||||
zulip_ops::firewall_allow{ 'smtp': }
|
kandra::firewall_allow{ 'smtp': }
|
||||||
zulip_ops::firewall_allow{ 'http': }
|
kandra::firewall_allow{ 'http': }
|
||||||
zulip_ops::firewall_allow{ 'https': }
|
kandra::firewall_allow{ 'https': }
|
||||||
|
|
||||||
$redis_hostname = zulipconf('redis', 'hostname', undef)
|
$redis_hostname = zulipconf('redis', 'hostname', undef)
|
||||||
group { 'redistunnel':
|
group { 'redistunnel':
|
||||||
@@ -25,7 +25,7 @@ class zulip_ops::app_frontend {
|
|||||||
home => '/home/redistunnel',
|
home => '/home/redistunnel',
|
||||||
managehome => true,
|
managehome => true,
|
||||||
}
|
}
|
||||||
zulip_ops::user_dotfiles { 'redistunnel':
|
kandra::user_dotfiles { 'redistunnel':
|
||||||
keys => true,
|
keys => true,
|
||||||
known_hosts => [$redis_hostname],
|
known_hosts => [$redis_hostname],
|
||||||
}
|
}
|
||||||
@@ -34,12 +34,12 @@ class zulip_ops::app_frontend {
|
|||||||
ensure => file,
|
ensure => file,
|
||||||
require => [
|
require => [
|
||||||
Package['supervisor', 'autossh'],
|
Package['supervisor', 'autossh'],
|
||||||
Zulip_Ops::User_Dotfiles['redistunnel'],
|
Kandra::User_Dotfiles['redistunnel'],
|
||||||
],
|
],
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/redis_tunnel.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/redis_tunnel.conf.template.erb'),
|
||||||
notify => Service['supervisor'],
|
notify => Service['supervisor'],
|
||||||
}
|
}
|
||||||
# Need redis_password in its own file for Nagios
|
# Need redis_password in its own file for Nagios
|
||||||
@@ -57,7 +57,7 @@ class zulip_ops::app_frontend {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/nginx/zulip-include-app.d/well-known.conf',
|
source => 'puppet:///modules/kandra/nginx/zulip-include-app.d/well-known.conf',
|
||||||
notify => Service['nginx'],
|
notify => Service['nginx'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -68,6 +68,6 @@ class zulip_ops::app_frontend {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/cron.d/fetch-contributor-data',
|
source => 'puppet:///modules/kandra/cron.d/fetch-contributor-data',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
# @summary Munin monitoring of a Django frontend and RabbitMQ server.
|
# @summary Munin monitoring of a Django frontend and RabbitMQ server.
|
||||||
#
|
#
|
||||||
class zulip_ops::app_frontend_monitoring {
|
class kandra::app_frontend_monitoring {
|
||||||
include zulip_ops::prometheus::rabbitmq
|
include kandra::prometheus::rabbitmq
|
||||||
include zulip_ops::prometheus::uwsgi
|
include kandra::prometheus::uwsgi
|
||||||
include zulip_ops::prometheus::process
|
include kandra::prometheus::process
|
||||||
zulip_ops::firewall_allow { 'grok_exporter': port => '9144' }
|
kandra::firewall_allow { 'grok_exporter': port => '9144' }
|
||||||
include zulip_ops::munin_node
|
include kandra::munin_node
|
||||||
$munin_plugins = [
|
$munin_plugins = [
|
||||||
'rabbitmq_connections',
|
'rabbitmq_connections',
|
||||||
'rabbitmq_consumers',
|
'rabbitmq_consumers',
|
||||||
@@ -15,7 +15,7 @@ class zulip_ops::app_frontend_monitoring {
|
|||||||
'rabbitmq_queue_memory',
|
'rabbitmq_queue_memory',
|
||||||
'zulip_send_receive_timing',
|
'zulip_send_receive_timing',
|
||||||
]
|
]
|
||||||
zulip_ops::munin_plugin { $munin_plugins: }
|
kandra::munin_plugin { $munin_plugins: }
|
||||||
|
|
||||||
file { '/etc/cron.d/rabbitmq-monitoring':
|
file { '/etc/cron.d/rabbitmq-monitoring':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
@@ -1,12 +1,12 @@
|
|||||||
# @summary Installs the AWS CLI
|
# @summary Installs the AWS CLI
|
||||||
#
|
#
|
||||||
class zulip_ops::aws_tools {
|
class kandra::aws_tools {
|
||||||
$is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
|
$is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
|
||||||
|
|
||||||
file { '/usr/local/bin/install-aws-cli':
|
file { '/usr/local/bin/install-aws-cli':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
mode => '0755',
|
mode => '0755',
|
||||||
source => 'puppet:///modules/zulip_ops/install-aws-cli',
|
source => 'puppet:///modules/kandra/install-aws-cli',
|
||||||
}
|
}
|
||||||
exec { 'install-aws-cli':
|
exec { 'install-aws-cli':
|
||||||
require => File['/usr/local/bin/install-aws-cli'],
|
require => File['/usr/local/bin/install-aws-cli'],
|
||||||
@@ -49,7 +49,7 @@ class zulip_ops::aws_tools {
|
|||||||
mode => '0755',
|
mode => '0755',
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
source => 'puppet:///modules/zulip_ops/teleport-aws-credentials',
|
source => 'puppet:///modules/kandra/teleport-aws-credentials',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
file { '/root/.aws':
|
file { '/root/.aws':
|
||||||
@@ -66,7 +66,7 @@ class zulip_ops::aws_tools {
|
|||||||
mode => '0644',
|
mode => '0644',
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
content => template('zulip_ops/dotfiles/aws_config.erb'),
|
content => template('kandra/dotfiles/aws_config.erb'),
|
||||||
}
|
}
|
||||||
|
|
||||||
# Pull keys and authorized_keys from AWS secretsmanager
|
# Pull keys and authorized_keys from AWS secretsmanager
|
||||||
@@ -76,7 +76,7 @@ class zulip_ops::aws_tools {
|
|||||||
mode => '0755',
|
mode => '0755',
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
source => 'puppet:///modules/zulip_ops/install-ssh-keys',
|
source => 'puppet:///modules/kandra/install-ssh-keys',
|
||||||
}
|
}
|
||||||
file { '/usr/local/bin/install-ssh-authorized-keys':
|
file { '/usr/local/bin/install-ssh-authorized-keys':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
@@ -84,6 +84,6 @@ class zulip_ops::aws_tools {
|
|||||||
mode => '0755',
|
mode => '0755',
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
source => 'puppet:///modules/zulip_ops/install-ssh-authorized-keys',
|
source => 'puppet:///modules/kandra/install-ssh-authorized-keys',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
7
puppet/kandra/manifests/camo.pp
Normal file
7
puppet/kandra/manifests/camo.pp
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
class kandra::camo {
|
||||||
|
class { 'zulip::camo':
|
||||||
|
listen_address => '0.0.0.0',
|
||||||
|
}
|
||||||
|
|
||||||
|
kandra::firewall_allow { 'camo': port => '9292' }
|
||||||
|
}
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
class zulip_ops::firewall {
|
class kandra::firewall {
|
||||||
package { 'iptables-persistent': }
|
package { 'iptables-persistent': }
|
||||||
concat { '/etc/iptables/rules.v4':
|
concat { '/etc/iptables/rules.v4':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
@@ -7,12 +7,12 @@ class zulip_ops::firewall {
|
|||||||
}
|
}
|
||||||
concat::fragment { 'iptables-header.v4':
|
concat::fragment { 'iptables-header.v4':
|
||||||
target => '/etc/iptables/rules.v4',
|
target => '/etc/iptables/rules.v4',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/header.v4',
|
source => 'puppet:///modules/kandra/iptables/header.v4',
|
||||||
order => '01',
|
order => '01',
|
||||||
}
|
}
|
||||||
concat::fragment { 'iptables-trailer.v4':
|
concat::fragment { 'iptables-trailer.v4':
|
||||||
target => '/etc/iptables/rules.v4',
|
target => '/etc/iptables/rules.v4',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/trailer.v4',
|
source => 'puppet:///modules/kandra/iptables/trailer.v4',
|
||||||
order => '99',
|
order => '99',
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -23,12 +23,12 @@ class zulip_ops::firewall {
|
|||||||
}
|
}
|
||||||
concat::fragment { 'iptables-header.v6':
|
concat::fragment { 'iptables-header.v6':
|
||||||
target => '/etc/iptables/rules.v6',
|
target => '/etc/iptables/rules.v6',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/header.v6',
|
source => 'puppet:///modules/kandra/iptables/header.v6',
|
||||||
order => '01',
|
order => '01',
|
||||||
}
|
}
|
||||||
concat::fragment { 'iptables-trailer.v6':
|
concat::fragment { 'iptables-trailer.v6':
|
||||||
target => '/etc/iptables/rules.v6',
|
target => '/etc/iptables/rules.v6',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/trailer.v6',
|
source => 'puppet:///modules/kandra/iptables/trailer.v6',
|
||||||
order => '99',
|
order => '99',
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2,7 +2,7 @@
|
|||||||
#
|
#
|
||||||
# Rules with the same ordering are ordered by the rule name.
|
# Rules with the same ordering are ordered by the rule name.
|
||||||
#
|
#
|
||||||
define zulip_ops::firewall_allow (
|
define kandra::firewall_allow (
|
||||||
$port = '',
|
$port = '',
|
||||||
$proto = 'tcp',
|
$proto = 'tcp',
|
||||||
$order = '50',
|
$order = '50',
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
class zulip_ops::ksplice_uptrack {
|
class kandra::ksplice_uptrack {
|
||||||
$ksplice_access_key = zulipsecret('secrets', 'ksplice_access_key', '')
|
$ksplice_access_key = zulipsecret('secrets', 'ksplice_access_key', '')
|
||||||
if $ksplice_access_key != '' {
|
if $ksplice_access_key != '' {
|
||||||
file { '/etc/uptrack':
|
file { '/etc/uptrack':
|
||||||
@@ -12,7 +12,7 @@ class zulip_ops::ksplice_uptrack {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/uptrack/uptrack.conf.erb'),
|
content => template('kandra/uptrack/uptrack.conf.erb'),
|
||||||
}
|
}
|
||||||
$setup_apt_repo_file = "${::zulip_scripts_path}/lib/setup-apt-repo"
|
$setup_apt_repo_file = "${::zulip_scripts_path}/lib/setup-apt-repo"
|
||||||
exec{ 'setup-apt-repo-ksplice':
|
exec{ 'setup-apt-repo-ksplice':
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
class zulip_ops::munin_node {
|
class kandra::munin_node {
|
||||||
zulip::safepackage { ['munin-node', 'munin-plugins-extra']: ensure => installed }
|
zulip::safepackage { ['munin-node', 'munin-plugins-extra']: ensure => installed }
|
||||||
|
|
||||||
service { 'munin-node':
|
service { 'munin-node':
|
||||||
@@ -11,7 +11,7 @@ class zulip_ops::munin_node {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/munin/munin-node.conf',
|
source => 'puppet:///modules/kandra/munin/munin-node.conf',
|
||||||
notify => Service['munin-node'],
|
notify => Service['munin-node'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -21,7 +21,7 @@ class zulip_ops::munin_node {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/munin/plugin-conf.d',
|
source => 'puppet:///modules/kandra/munin/plugin-conf.d',
|
||||||
notify => Service['munin-node'],
|
notify => Service['munin-node'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1,9 +1,9 @@
|
|||||||
define zulip_ops::munin_plugin {
|
define kandra::munin_plugin {
|
||||||
file { "/usr/local/munin/lib/plugins/${title}":
|
file { "/usr/local/munin/lib/plugins/${title}":
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0755',
|
mode => '0755',
|
||||||
source => "puppet:///modules/zulip_ops/munin-plugins/${title}",
|
source => "puppet:///modules/kandra/munin-plugins/${title}",
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/etc/munin/plugins/${name}":
|
file { "/etc/munin/plugins/${name}":
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
class zulip_ops::prod_app_frontend_once {
|
class kandra::prod_app_frontend_once {
|
||||||
include zulip::app_frontend_once
|
include zulip::app_frontend_once
|
||||||
include zulip::hooks::push_git_ref
|
include zulip::hooks::push_git_ref
|
||||||
include zulip::hooks::zulip_notify
|
include zulip::hooks::zulip_notify
|
||||||
@@ -32,7 +32,7 @@ class zulip_ops::prod_app_frontend_once {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/cron.d/check_send_receive_time',
|
source => 'puppet:///modules/kandra/cron.d/check_send_receive_time',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/etc/cron.d/check_user_zephyr_mirror_liveness':
|
file { '/etc/cron.d/check_user_zephyr_mirror_liveness':
|
||||||
@@ -40,6 +40,6 @@ class zulip_ops::prod_app_frontend_once {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/cron.d/check_user_zephyr_mirror_liveness',
|
source => 'puppet:///modules/kandra/cron.d/check_user_zephyr_mirror_liveness',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,12 +1,12 @@
|
|||||||
class zulip_ops::profile::base {
|
class kandra::profile::base {
|
||||||
include zulip::profile::base
|
include zulip::profile::base
|
||||||
include zulip_ops::munin_node
|
include kandra::munin_node
|
||||||
include zulip_ops::ksplice_uptrack
|
include kandra::ksplice_uptrack
|
||||||
include zulip_ops::firewall
|
include kandra::firewall
|
||||||
include zulip_ops::teleport::node
|
include kandra::teleport::node
|
||||||
include zulip_ops::prometheus::node
|
include kandra::prometheus::node
|
||||||
|
|
||||||
zulip_ops::firewall_allow { 'ssh': order => '10'}
|
kandra::firewall_allow { 'ssh': order => '10'}
|
||||||
$is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
|
$is_ec2 = zulipconf('machine', 'hosting_provider', 'ec2') == 'ec2'
|
||||||
|
|
||||||
$org_base_packages = [
|
$org_base_packages = [
|
||||||
@@ -43,30 +43,30 @@ class zulip_ops::profile::base {
|
|||||||
file { '/etc/apt/apt.conf.d/02periodic':
|
file { '/etc/apt/apt.conf.d/02periodic':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/02periodic',
|
source => 'puppet:///modules/kandra/apt/apt.conf.d/02periodic',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
|
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/50unattended-upgrades',
|
source => 'puppet:///modules/kandra/apt/apt.conf.d/50unattended-upgrades',
|
||||||
}
|
}
|
||||||
if $::os['distro']['release']['major'] == '22.04' {
|
if $::os['distro']['release']['major'] == '22.04' {
|
||||||
file { '/etc/needrestart/conf.d/zulip.conf':
|
file { '/etc/needrestart/conf.d/zulip.conf':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/needrestart/zulip.conf',
|
source => 'puppet:///modules/kandra/needrestart/zulip.conf',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
user { 'root': }
|
user { 'root': }
|
||||||
zulip_ops::user_dotfiles { 'root':
|
kandra::user_dotfiles { 'root':
|
||||||
home => '/root',
|
home => '/root',
|
||||||
keys => 'internal-read-only-deploy-key',
|
keys => 'internal-read-only-deploy-key',
|
||||||
authorized_keys => 'common',
|
authorized_keys => 'common',
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::user_dotfiles { 'zulip':
|
kandra::user_dotfiles { 'zulip':
|
||||||
keys => 'internal-read-only-deploy-key',
|
keys => 'internal-read-only-deploy-key',
|
||||||
authorized_keys => 'common',
|
authorized_keys => 'common',
|
||||||
}
|
}
|
||||||
@@ -75,14 +75,14 @@ class zulip_ops::profile::base {
|
|||||||
ensure => running,
|
ensure => running,
|
||||||
}
|
}
|
||||||
|
|
||||||
include zulip_ops::aws_tools
|
include kandra::aws_tools
|
||||||
|
|
||||||
if $is_ec2 {
|
if $is_ec2 {
|
||||||
# EC2 hosts can use the in-VPC timeserver
|
# EC2 hosts can use the in-VPC timeserver
|
||||||
file { '/etc/chrony/chrony.conf':
|
file { '/etc/chrony/chrony.conf':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/chrony.conf',
|
source => 'puppet:///modules/kandra/chrony.conf',
|
||||||
require => Package['chrony'],
|
require => Package['chrony'],
|
||||||
notify => Service['chrony'],
|
notify => Service['chrony'],
|
||||||
}
|
}
|
||||||
@@ -107,7 +107,7 @@ class zulip_ops::profile::base {
|
|||||||
group => 'nagios',
|
group => 'nagios',
|
||||||
mode => '0700',
|
mode => '0700',
|
||||||
}
|
}
|
||||||
zulip_ops::user_dotfiles { 'nagios':
|
kandra::user_dotfiles { 'nagios':
|
||||||
home => '/var/lib/nagios',
|
home => '/var/lib/nagios',
|
||||||
authorized_keys => true,
|
authorized_keys => true,
|
||||||
}
|
}
|
||||||
20
puppet/kandra/manifests/profile/chat_zulip_org.pp
Normal file
20
puppet/kandra/manifests/profile/chat_zulip_org.pp
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
class kandra::profile::chat_zulip_org inherits kandra::profile::base {
|
||||||
|
include zulip::profile::standalone
|
||||||
|
include zulip::postfix_localmail
|
||||||
|
include zulip::hooks::sentry
|
||||||
|
|
||||||
|
include kandra::app_frontend_monitoring
|
||||||
|
include kandra::prometheus::redis
|
||||||
|
include kandra::prometheus::postgresql
|
||||||
|
kandra::firewall_allow { 'smokescreen_metrics': port => '9810' }
|
||||||
|
kandra::firewall_allow { 'http': }
|
||||||
|
kandra::firewall_allow { 'https': }
|
||||||
|
kandra::firewall_allow { 'smtp': }
|
||||||
|
|
||||||
|
Kandra::User_Dotfiles['root'] {
|
||||||
|
keys => false,
|
||||||
|
}
|
||||||
|
Kandra::User_Dotfiles['zulip'] {
|
||||||
|
keys => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
# @summary Observability using Grafana
|
# @summary Observability using Grafana
|
||||||
#
|
#
|
||||||
class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
class kandra::profile::grafana inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
@@ -39,8 +39,8 @@ class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
|||||||
group => 'grafana',
|
group => 'grafana',
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::teleport::application { 'monitoring': port => '3000' }
|
kandra::teleport::application { 'monitoring': port => '3000' }
|
||||||
zulip_ops::firewall_allow { 'grafana': port => '3000' }
|
kandra::firewall_allow { 'grafana': port => '3000' }
|
||||||
file { "${zulip::common::supervisor_conf_dir}/grafana.conf":
|
file { "${zulip::common::supervisor_conf_dir}/grafana.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
require => [
|
require => [
|
||||||
@@ -52,7 +52,7 @@ class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/grafana.conf.erb'),
|
content => template('kandra/supervisor/conf.d/grafana.conf.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -67,7 +67,7 @@ class zulip_ops::profile::grafana inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/grafana/grafana.ini',
|
source => 'puppet:///modules/kandra/grafana/grafana.ini',
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
class kandra::profile::munin_server inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip_ops::apache
|
include kandra::apache
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
$munin_packages = [
|
$munin_packages = [
|
||||||
@@ -18,7 +18,7 @@ class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/munin/apache.conf',
|
source => 'puppet:///modules/kandra/munin/apache.conf',
|
||||||
notify => Service['apache2'],
|
notify => Service['apache2'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -40,7 +40,7 @@ class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/munin/munin.conf.erb'),
|
content => template('kandra/munin/munin.conf.erb'),
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "${zulip::common::supervisor_conf_dir}/munin_tunnels.conf":
|
file { "${zulip::common::supervisor_conf_dir}/munin_tunnels.conf":
|
||||||
@@ -49,7 +49,7 @@ class zulip_ops::profile::munin_server inherits zulip_ops::profile::base {
|
|||||||
mode => '0644',
|
mode => '0644',
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
content => template('zulip_ops/supervisor/conf.d/munin_tunnels.conf.erb'),
|
content => template('kandra/supervisor/conf.d/munin_tunnels.conf.erb'),
|
||||||
notify => Service['supervisor'],
|
notify => Service['supervisor'],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
class kandra::profile::nagios inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip_ops::apache
|
include kandra::apache
|
||||||
|
|
||||||
zulip::ssh_keys { 'nagios': }
|
zulip::ssh_keys { 'nagios': }
|
||||||
$nagios_packages = [# Packages needed for Nagios
|
$nagios_packages = [# Packages needed for Nagios
|
||||||
@@ -40,7 +40,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/nagios4/',
|
source => 'puppet:///modules/kandra/nagios4/',
|
||||||
notify => Service['nagios4'],
|
notify => Service['nagios4'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -50,7 +50,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => template('zulip_ops/nagios_apache_site.conf.template.erb'),
|
content => template('kandra/nagios_apache_site.conf.template.erb'),
|
||||||
}
|
}
|
||||||
apache2site { 'nagios':
|
apache2site { 'nagios':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
@@ -60,7 +60,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
],
|
],
|
||||||
notify => Service['apache2'],
|
notify => Service['apache2'],
|
||||||
}
|
}
|
||||||
zulip_ops::teleport::application{ 'nagios':
|
kandra::teleport::application{ 'nagios':
|
||||||
description => 'Monitoring: nagios and munin',
|
description => 'Monitoring: nagios and munin',
|
||||||
port => '3000',
|
port => '3000',
|
||||||
}
|
}
|
||||||
@@ -70,7 +70,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/nagios4/contacts.cfg.template.erb'),
|
content => template('kandra/nagios4/contacts.cfg.template.erb'),
|
||||||
notify => Service['nagios4'],
|
notify => Service['nagios4'],
|
||||||
}
|
}
|
||||||
file { '/etc/nagios4/conf.d/hosts.cfg':
|
file { '/etc/nagios4/conf.d/hosts.cfg':
|
||||||
@@ -78,7 +78,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/nagios4/hosts.cfg.template.erb'),
|
content => template('kandra/nagios4/hosts.cfg.template.erb'),
|
||||||
notify => Service['nagios4'],
|
notify => Service['nagios4'],
|
||||||
}
|
}
|
||||||
file { '/etc/nagios4/conf.d/localhost.cfg':
|
file { '/etc/nagios4/conf.d/localhost.cfg':
|
||||||
@@ -86,7 +86,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/nagios4/localhost.cfg.template.erb'),
|
content => template('kandra/nagios4/localhost.cfg.template.erb'),
|
||||||
notify => Service['nagios4'],
|
notify => Service['nagios4'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -95,7 +95,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/nagios4/cgi.cfg.template.erb'),
|
content => template('kandra/nagios4/cgi.cfg.template.erb'),
|
||||||
notify => Service['nagios4'],
|
notify => Service['nagios4'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -120,7 +120,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
mode => '0644',
|
mode => '0644',
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
content => template('zulip_ops/nagios_autossh.template.erb'),
|
content => template('kandra/nagios_autossh.template.erb'),
|
||||||
notify => Service['nagios4'],
|
notify => Service['nagios4'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -129,7 +129,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
mode => '0600',
|
mode => '0600',
|
||||||
owner => 'nagios',
|
owner => 'nagios',
|
||||||
group => 'nagios',
|
group => 'nagios',
|
||||||
content => template('zulip_ops/msmtprc_nagios.template.erb'),
|
content => template('kandra/msmtprc_nagios.template.erb'),
|
||||||
require => File['/var/lib/nagios'],
|
require => File['/var/lib/nagios'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -138,7 +138,7 @@ class zulip_ops::profile::nagios inherits zulip_ops::profile::base {
|
|||||||
mode => '0644',
|
mode => '0644',
|
||||||
owner => 'nagios',
|
owner => 'nagios',
|
||||||
group => 'nagios',
|
group => 'nagios',
|
||||||
source => 'puppet:///modules/zulip_ops/nagios_ssh_config',
|
source => 'puppet:///modules/kandra/nagios_ssh_config',
|
||||||
}
|
}
|
||||||
|
|
||||||
# Disable apparmor for msmtp so it can read the above config file
|
# Disable apparmor for msmtp so it can read the above config file
|
||||||
@@ -1,13 +1,13 @@
|
|||||||
class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
|
class kandra::profile::postgresql inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip::profile::postgresql
|
include zulip::profile::postgresql
|
||||||
include zulip_ops::teleport::db
|
include kandra::teleport::db
|
||||||
include zulip_ops::prometheus::postgresql
|
include kandra::prometheus::postgresql
|
||||||
|
|
||||||
$common_packages = ['xfsprogs']
|
$common_packages = ['xfsprogs']
|
||||||
package { $common_packages: ensure => installed }
|
package { $common_packages: ensure => installed }
|
||||||
|
|
||||||
zulip_ops::firewall_allow{ 'postgresql': }
|
kandra::firewall_allow{ 'postgresql': }
|
||||||
|
|
||||||
zulip::sysctl { 'postgresql-swappiness':
|
zulip::sysctl { 'postgresql-swappiness':
|
||||||
key => 'vm.swappiness',
|
key => 'vm.swappiness',
|
||||||
@@ -23,7 +23,7 @@ class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0744',
|
mode => '0744',
|
||||||
source => 'puppet:///modules/zulip_ops/postgresql/setup_disks.sh',
|
source => 'puppet:///modules/kandra/postgresql/setup_disks.sh',
|
||||||
}
|
}
|
||||||
exec { 'setup_disks':
|
exec { 'setup_disks':
|
||||||
command => '/root/setup_disks.sh',
|
command => '/root/setup_disks.sh',
|
||||||
@@ -37,6 +37,6 @@ class zulip_ops::profile::postgresql inherits zulip_ops::profile::base {
|
|||||||
owner => 'postgres',
|
owner => 'postgres',
|
||||||
group => 'postgres',
|
group => 'postgres',
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
source => 'puppet:///modules/zulip_ops/postgresql/pg_hba.conf',
|
source => 'puppet:///modules/kandra/postgresql/pg_hba.conf',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
|
class kandra::profile::prod_app_frontend inherits kandra::profile::base {
|
||||||
include zulip_ops::app_frontend
|
include kandra::app_frontend
|
||||||
include zulip::hooks::zulip_notify
|
include zulip::hooks::zulip_notify
|
||||||
|
|
||||||
Zulip_Ops::User_Dotfiles['root'] {
|
Kandra::User_Dotfiles['root'] {
|
||||||
keys => 'internal-limited-write-deploy-key',
|
keys => 'internal-limited-write-deploy-key',
|
||||||
}
|
}
|
||||||
Zulip_Ops::User_Dotfiles['zulip'] {
|
Kandra::User_Dotfiles['zulip'] {
|
||||||
keys => 'internal-limited-write-deploy-key',
|
keys => 'internal-limited-write-deploy-key',
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -21,7 +21,7 @@ class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/nginx/sites-available/zulip',
|
source => 'puppet:///modules/kandra/nginx/sites-available/zulip',
|
||||||
notify => Service['nginx'],
|
notify => Service['nginx'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -39,7 +39,7 @@ class zulip_ops::profile::prod_app_frontend inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0755',
|
mode => '0755',
|
||||||
source => 'puppet:///modules/zulip_ops/nagios_plugins/zulip_zephyr_mirror',
|
source => 'puppet:///modules/kandra/nagios_plugins/zulip_zephyr_mirror',
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prod has our Apple Push Notifications Service private key at
|
# Prod has our Apple Push Notifications Service private key at
|
||||||
@@ -2,18 +2,18 @@
|
|||||||
#
|
#
|
||||||
# Only one instance is necessary.
|
# Only one instance is necessary.
|
||||||
#
|
#
|
||||||
class zulip_ops::profile::prometheus_server inherits zulip_ops::profile::base {
|
class kandra::profile::prometheus_server inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
|
|
||||||
# This blackbox monitoring of the backup system runs locally
|
# This blackbox monitoring of the backup system runs locally
|
||||||
include zulip_ops::prometheus::wal_g
|
include kandra::prometheus::wal_g
|
||||||
|
|
||||||
# Ditto the Akamai logs
|
# Ditto the Akamai logs
|
||||||
include zulip_ops::prometheus::akamai
|
include kandra::prometheus::akamai
|
||||||
|
|
||||||
# Export prometheus stats to status.zulip.com
|
# Export prometheus stats to status.zulip.com
|
||||||
include zulip_ops::statuspage
|
include kandra::statuspage
|
||||||
|
|
||||||
$version = $zulip::common::versions['prometheus']['version']
|
$version = $zulip::common::versions['prometheus']['version']
|
||||||
$dir = "/srv/zulip-prometheus-${version}"
|
$dir = "/srv/zulip-prometheus-${version}"
|
||||||
@@ -48,7 +48,7 @@ class zulip_ops::profile::prometheus_server inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/prometheus/prometheus.yaml',
|
source => 'puppet:///modules/kandra/prometheus/prometheus.yaml',
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -63,7 +63,7 @@ class zulip_ops::profile::prometheus_server inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
class zulip_ops::profile::redis inherits zulip_ops::profile::base {
|
class kandra::profile::redis inherits kandra::profile::base {
|
||||||
include zulip::profile::redis
|
include zulip::profile::redis
|
||||||
include zulip_ops::prometheus::redis
|
include kandra::prometheus::redis
|
||||||
|
|
||||||
zulip::sysctl { 'redis-somaxconn':
|
zulip::sysctl { 'redis-somaxconn':
|
||||||
key => 'net.core.somaxconn',
|
key => 'net.core.somaxconn',
|
||||||
@@ -29,7 +29,7 @@ class zulip_ops::profile::redis inherits zulip_ops::profile::base {
|
|||||||
home => '/home/redistunnel',
|
home => '/home/redistunnel',
|
||||||
managehome => true,
|
managehome => true,
|
||||||
}
|
}
|
||||||
zulip_ops::user_dotfiles { 'redistunnel':
|
kandra::user_dotfiles { 'redistunnel':
|
||||||
authorized_keys => true,
|
authorized_keys => true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
9
puppet/kandra/manifests/profile/smokescreen.pp
Normal file
9
puppet/kandra/manifests/profile/smokescreen.pp
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
class kandra::profile::smokescreen inherits kandra::profile::base {
|
||||||
|
|
||||||
|
|
||||||
|
include zulip::profile::smokescreen
|
||||||
|
kandra::firewall_allow { 'smokescreen': port => '4750' }
|
||||||
|
kandra::firewall_allow { 'smokescreen_metrics': port => '9810' }
|
||||||
|
|
||||||
|
include kandra::camo
|
||||||
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
class zulip_ops::profile::staging_app_frontend inherits zulip_ops::profile::base {
|
class kandra::profile::staging_app_frontend inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip_ops::app_frontend
|
include kandra::app_frontend
|
||||||
|
|
||||||
file { '/etc/nginx/sites-available/zulip-staging':
|
file { '/etc/nginx/sites-available/zulip-staging':
|
||||||
ensure => file,
|
ensure => file,
|
||||||
@@ -8,7 +8,7 @@ class zulip_ops::profile::staging_app_frontend inherits zulip_ops::profile::base
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/nginx/sites-available/zulip-staging',
|
source => 'puppet:///modules/kandra/nginx/sites-available/zulip-staging',
|
||||||
notify => Service['nginx'],
|
notify => Service['nginx'],
|
||||||
}
|
}
|
||||||
file { '/etc/nginx/sites-enabled/zulip-staging':
|
file { '/etc/nginx/sites-enabled/zulip-staging':
|
||||||
@@ -24,6 +24,6 @@ class zulip_ops::profile::staging_app_frontend inherits zulip_ops::profile::base
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/cron.d/check_send_receive_time',
|
source => 'puppet:///modules/kandra/cron.d/check_send_receive_time',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,23 +1,23 @@
|
|||||||
class zulip_ops::profile::teleport inherits zulip_ops::profile::base {
|
class kandra::profile::teleport inherits kandra::profile::base {
|
||||||
|
|
||||||
|
|
||||||
file { '/etc/teleport_server.yaml':
|
file { '/etc/teleport_server.yaml':
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/teleport_server.yaml',
|
source => 'puppet:///modules/kandra/teleport_server.yaml',
|
||||||
notify => Service['teleport_server'],
|
notify => Service['teleport_server'],
|
||||||
}
|
}
|
||||||
zulip_ops::teleport::part { 'server': }
|
kandra::teleport::part { 'server': }
|
||||||
|
|
||||||
# https://goteleport.com/docs/admin-guide/#ports
|
# https://goteleport.com/docs/admin-guide/#ports
|
||||||
# Port 443 is outward-facing, for UI
|
# Port 443 is outward-facing, for UI
|
||||||
zulip_ops::firewall_allow { 'teleport_server_ui': port => 443 }
|
kandra::firewall_allow { 'teleport_server_ui': port => 443 }
|
||||||
# Port 3023 is outward-facing, for teleport clients to connect to.
|
# Port 3023 is outward-facing, for teleport clients to connect to.
|
||||||
zulip_ops::firewall_allow { 'teleport_server_proxy': port => 3023 }
|
kandra::firewall_allow { 'teleport_server_proxy': port => 3023 }
|
||||||
# Port 3034 is outward-facing, for teleport servers outside the
|
# Port 3034 is outward-facing, for teleport servers outside the
|
||||||
# cluster to connect back to establish reverse proxies.
|
# cluster to connect back to establish reverse proxies.
|
||||||
zulip_ops::firewall_allow { 'teleport_server_reverse': port => 3024 }
|
kandra::firewall_allow { 'teleport_server_reverse': port => 3024 }
|
||||||
# Port 3025 is inward-facing, for other nodes to look up auth information
|
# Port 3025 is inward-facing, for other nodes to look up auth information
|
||||||
zulip_ops::firewall_allow { 'teleport_server_auth': port => 3025 }
|
kandra::firewall_allow { 'teleport_server_auth': port => 3025 }
|
||||||
}
|
}
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
class kandra::profile::zmirror inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
@@ -21,7 +21,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/supervisor/conf.d/zmirror.conf',
|
source => 'puppet:///modules/kandra/supervisor/conf.d/zmirror.conf',
|
||||||
notify => Service['supervisor'],
|
notify => Service['supervisor'],
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -30,7 +30,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/cron.d/zephyr-mirror',
|
source => 'puppet:///modules/kandra/cron.d/zephyr-mirror',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/etc/krb5.conf':
|
file { '/etc/krb5.conf':
|
||||||
@@ -38,7 +38,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/krb5.conf',
|
source => 'puppet:///modules/kandra/krb5.conf',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/etc/default/zephyr-clients':
|
file { '/etc/default/zephyr-clients':
|
||||||
@@ -46,7 +46,7 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/zephyr-clients',
|
source => 'puppet:///modules/kandra/zephyr-clients',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/usr/lib/nagios/plugins/zulip_zephyr_mirror':
|
file { '/usr/lib/nagios/plugins/zulip_zephyr_mirror':
|
||||||
@@ -56,18 +56,18 @@ class zulip_ops::profile::zmirror inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0755',
|
mode => '0755',
|
||||||
source => 'puppet:///modules/zulip_ops/nagios_plugins/zulip_zephyr_mirror',
|
source => 'puppet:///modules/kandra/nagios_plugins/zulip_zephyr_mirror',
|
||||||
}
|
}
|
||||||
|
|
||||||
# Allow the relevant UDP ports
|
# Allow the relevant UDP ports
|
||||||
concat::fragment { 'iptables-zmirror.v4':
|
concat::fragment { 'iptables-zmirror.v4':
|
||||||
target => '/etc/iptables/rules.v4',
|
target => '/etc/iptables/rules.v4',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v4',
|
source => 'puppet:///modules/kandra/iptables/zmirror.v4',
|
||||||
order => '20',
|
order => '20',
|
||||||
}
|
}
|
||||||
concat::fragment { 'iptables-zmirror.v6':
|
concat::fragment { 'iptables-zmirror.v6':
|
||||||
target => '/etc/iptables/rules.v6',
|
target => '/etc/iptables/rules.v6',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v6',
|
source => 'puppet:///modules/kandra/iptables/zmirror.v6',
|
||||||
order => '20',
|
order => '20',
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1,8 +1,8 @@
|
|||||||
class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
class kandra::profile::zmirror_personals inherits kandra::profile::base {
|
||||||
|
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
Zulip_Ops::User_Dotfiles['zulip'] {
|
Kandra::User_Dotfiles['zulip'] {
|
||||||
authorized_keys => [
|
authorized_keys => [
|
||||||
'common',
|
'common',
|
||||||
'production-write-ccache',
|
'production-write-ccache',
|
||||||
@@ -51,7 +51,7 @@ class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/krb5.conf',
|
source => 'puppet:///modules/kandra/krb5.conf',
|
||||||
}
|
}
|
||||||
|
|
||||||
concat::fragment { '01-supervisor-zmirror':
|
concat::fragment { '01-supervisor-zmirror':
|
||||||
@@ -73,7 +73,7 @@ class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/cron.d/test_zephyr_personal_mirrors',
|
source => 'puppet:///modules/kandra/cron.d/test_zephyr_personal_mirrors',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/usr/lib/nagios/plugins/zulip_zephyr_mirror':
|
file { '/usr/lib/nagios/plugins/zulip_zephyr_mirror':
|
||||||
@@ -83,18 +83,18 @@ class zulip_ops::profile::zmirror_personals inherits zulip_ops::profile::base {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0755',
|
mode => '0755',
|
||||||
source => 'puppet:///modules/zulip_ops/nagios_plugins/zulip_zephyr_mirror',
|
source => 'puppet:///modules/kandra/nagios_plugins/zulip_zephyr_mirror',
|
||||||
}
|
}
|
||||||
|
|
||||||
# Allow the relevant UDP ports
|
# Allow the relevant UDP ports
|
||||||
concat::fragment { 'iptables-zmirror.v4':
|
concat::fragment { 'iptables-zmirror.v4':
|
||||||
target => '/etc/iptables/rules.v4',
|
target => '/etc/iptables/rules.v4',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v4',
|
source => 'puppet:///modules/kandra/iptables/zmirror.v4',
|
||||||
order => '20',
|
order => '20',
|
||||||
}
|
}
|
||||||
concat::fragment { 'iptables-zmirror.v6':
|
concat::fragment { 'iptables-zmirror.v6':
|
||||||
target => '/etc/iptables/rules.v6',
|
target => '/etc/iptables/rules.v6',
|
||||||
source => 'puppet:///modules/zulip_ops/iptables/zmirror.v6',
|
source => 'puppet:///modules/kandra/iptables/zmirror.v6',
|
||||||
order => '20',
|
order => '20',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
8
puppet/kandra/manifests/profile/zulipbot_zulip_org.pp
Normal file
8
puppet/kandra/manifests/profile/zulipbot_zulip_org.pp
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
class kandra::profile::zulipbot_zulip_org inherits kandra::profile::base {
|
||||||
|
|
||||||
|
kandra::firewall_allow { 'http': }
|
||||||
|
kandra::firewall_allow { 'https': }
|
||||||
|
|
||||||
|
# TODO: This does not do any configuration of zulipbot itself, or of
|
||||||
|
# caddy.
|
||||||
|
}
|
||||||
@@ -1,11 +1,11 @@
|
|||||||
# @summary Prometheus monitoring of Akamai access logs
|
# @summary Prometheus monitoring of Akamai access logs
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::akamai {
|
class kandra::prometheus::akamai {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip_ops::vector
|
include kandra::vector
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
$bin = $zulip_ops::vector::bin
|
$bin = $kandra::vector::bin
|
||||||
$conf = '/etc/vector.toml'
|
$conf = '/etc/vector.toml'
|
||||||
$pipelines = {
|
$pipelines = {
|
||||||
'static' => zulipsecret('secrets', 'akamai_static_sqs_url', ''),
|
'static' => zulipsecret('secrets', 'akamai_static_sqs_url', ''),
|
||||||
@@ -17,7 +17,7 @@ class zulip_ops::prometheus::akamai {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/vector.toml.template.erb'),
|
content => template('kandra/vector.toml.template.erb'),
|
||||||
}
|
}
|
||||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_akamai_exporter.conf":
|
file { "${zulip::common::supervisor_conf_dir}/prometheus_akamai_exporter.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
@@ -30,7 +30,7 @@ class zulip_ops::prometheus::akamai {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_akamai_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_akamai_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
# @summary Configures a node for monitoring with Prometheus
|
# @summary Configures a node for monitoring with Prometheus
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::base {
|
class kandra::prometheus::base {
|
||||||
group { 'prometheus':
|
group { 'prometheus':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
gid => '1060',
|
gid => '1060',
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
# @summary Configures a node for monitoring with Prometheus
|
# @summary Configures a node for monitoring with Prometheus
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::node {
|
class kandra::prometheus::node {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
$version = $zulip::common::versions['node_exporter']['version']
|
$version = $zulip::common::versions['node_exporter']['version']
|
||||||
@@ -14,7 +14,7 @@ class zulip_ops::prometheus::node {
|
|||||||
tarball_prefix => "node_exporter-${version}.linux-${zulip::common::goarch}",
|
tarball_prefix => "node_exporter-${version}.linux-${zulip::common::goarch}",
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::firewall_allow { 'node_exporter': port => '9100' }
|
kandra::firewall_allow { 'node_exporter': port => '9100' }
|
||||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_node_exporter.conf":
|
file { "${zulip::common::supervisor_conf_dir}/prometheus_node_exporter.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
require => [
|
require => [
|
||||||
@@ -25,7 +25,7 @@ class zulip_ops::prometheus::node {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_node_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_node_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
# @summary Prometheus monitoring of postgresql servers
|
# @summary Prometheus monitoring of postgresql servers
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::postgresql {
|
class kandra::prometheus::postgresql {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
include zulip::golang
|
include zulip::golang
|
||||||
|
|
||||||
@@ -55,7 +55,7 @@ class zulip_ops::prometheus::postgresql {
|
|||||||
user => 'postgres',
|
user => 'postgres',
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::firewall_allow { 'postgres_exporter': port => '9187' }
|
kandra::firewall_allow { 'postgres_exporter': port => '9187' }
|
||||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_postgres_exporter.conf":
|
file { "${zulip::common::supervisor_conf_dir}/prometheus_postgres_exporter.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
require => [
|
require => [
|
||||||
@@ -67,7 +67,7 @@ class zulip_ops::prometheus::postgresql {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_postgres_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_postgres_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
# @summary Prometheus monitoring of Zulip server processes
|
# @summary Prometheus monitoring of Zulip server processes
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::process {
|
class kandra::prometheus::process {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
$version = $zulip::common::versions['process_exporter']['version']
|
$version = $zulip::common::versions['process_exporter']['version']
|
||||||
@@ -15,14 +15,14 @@ class zulip_ops::prometheus::process {
|
|||||||
tarball_prefix => "process-exporter-${version}.linux-${zulip::common::goarch}",
|
tarball_prefix => "process-exporter-${version}.linux-${zulip::common::goarch}",
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::firewall_allow { 'process_exporter': port => '9256' }
|
kandra::firewall_allow { 'process_exporter': port => '9256' }
|
||||||
file { $conf:
|
file { $conf:
|
||||||
ensure => file,
|
ensure => file,
|
||||||
require => User[zulip],
|
require => User[zulip],
|
||||||
owner => 'zulip',
|
owner => 'zulip',
|
||||||
group => 'zulip',
|
group => 'zulip',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
source => 'puppet:///modules/zulip_ops/process_exporter.yaml',
|
source => 'puppet:///modules/kandra/process_exporter.yaml',
|
||||||
}
|
}
|
||||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_process_exporter.conf":
|
file { "${zulip::common::supervisor_conf_dir}/prometheus_process_exporter.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
@@ -35,7 +35,7 @@ class zulip_ops::prometheus::process {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_process_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_process_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2,13 +2,13 @@
|
|||||||
# the built-in prometheus plugin which serves on port 15692:
|
# the built-in prometheus plugin which serves on port 15692:
|
||||||
# https://www.rabbitmq.com/prometheus.html
|
# https://www.rabbitmq.com/prometheus.html
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::rabbitmq {
|
class kandra::prometheus::rabbitmq {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
|
|
||||||
exec { 'enable rabbitmq-prometheus':
|
exec { 'enable rabbitmq-prometheus':
|
||||||
command => 'rabbitmq-plugins enable rabbitmq_prometheus',
|
command => 'rabbitmq-plugins enable rabbitmq_prometheus',
|
||||||
unless => 'grep -q rabbitmq_prometheus /etc/rabbitmq/enabled_plugins',
|
unless => 'grep -q rabbitmq_prometheus /etc/rabbitmq/enabled_plugins',
|
||||||
require => Service['rabbitmq-server'],
|
require => Service['rabbitmq-server'],
|
||||||
}
|
}
|
||||||
zulip_ops::firewall_allow { 'rabbitmq': port => '15692' }
|
kandra::firewall_allow { 'rabbitmq': port => '15692' }
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
# @summary Prometheus monitoring of redis servers
|
# @summary Prometheus monitoring of redis servers
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::redis {
|
class kandra::prometheus::redis {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
$version = $zulip::common::versions['redis_exporter']['version']
|
$version = $zulip::common::versions['redis_exporter']['version']
|
||||||
@@ -14,7 +14,7 @@ class zulip_ops::prometheus::redis {
|
|||||||
tarball_prefix => "redis_exporter-v${version}.linux-${zulip::common::goarch}",
|
tarball_prefix => "redis_exporter-v${version}.linux-${zulip::common::goarch}",
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::firewall_allow { 'redis_exporter': port => '9121' }
|
kandra::firewall_allow { 'redis_exporter': port => '9121' }
|
||||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_redis_exporter.conf":
|
file { "${zulip::common::supervisor_conf_dir}/prometheus_redis_exporter.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
require => [
|
require => [
|
||||||
@@ -25,7 +25,7 @@ class zulip_ops::prometheus::redis {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_redis_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_redis_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
# @summary Prometheus monitoring of uwsgi servers
|
# @summary Prometheus monitoring of uwsgi servers
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::uwsgi {
|
class kandra::prometheus::uwsgi {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
|
|
||||||
$version = $zulip::common::versions['uwsgi_exporter']['version']
|
$version = $zulip::common::versions['uwsgi_exporter']['version']
|
||||||
@@ -14,7 +14,7 @@ class zulip_ops::prometheus::uwsgi {
|
|||||||
tarball_prefix => "uwsgi_exporter-${version}.linux-${zulip::common::goarch}",
|
tarball_prefix => "uwsgi_exporter-${version}.linux-${zulip::common::goarch}",
|
||||||
}
|
}
|
||||||
|
|
||||||
zulip_ops::firewall_allow { 'uwsgi_exporter': port => '9238' }
|
kandra::firewall_allow { 'uwsgi_exporter': port => '9238' }
|
||||||
file { "${zulip::common::supervisor_conf_dir}/prometheus_uwsgi_exporter.conf":
|
file { "${zulip::common::supervisor_conf_dir}/prometheus_uwsgi_exporter.conf":
|
||||||
ensure => file,
|
ensure => file,
|
||||||
require => [
|
require => [
|
||||||
@@ -25,7 +25,7 @@ class zulip_ops::prometheus::uwsgi {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_uwsgi_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_uwsgi_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
# @summary Prometheus monitoring of wal-g backups
|
# @summary Prometheus monitoring of wal-g backups
|
||||||
#
|
#
|
||||||
class zulip_ops::prometheus::wal_g {
|
class kandra::prometheus::wal_g {
|
||||||
include zulip_ops::prometheus::base
|
include kandra::prometheus::base
|
||||||
include zulip::supervisor
|
include zulip::supervisor
|
||||||
include zulip::wal_g
|
include zulip::wal_g
|
||||||
|
|
||||||
@@ -28,7 +28,7 @@ class zulip_ops::prometheus::wal_g {
|
|||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template('zulip_ops/supervisor/conf.d/prometheus_wal_g_exporter.conf.template.erb'),
|
content => template('kandra/supervisor/conf.d/prometheus_wal_g_exporter.conf.template.erb'),
|
||||||
notify => Service[supervisor],
|
notify => Service[supervisor],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
define zulip_ops::ssh_authorized_keys(
|
define kandra::ssh_authorized_keys(
|
||||||
$keys = true,
|
$keys = true,
|
||||||
) {
|
) {
|
||||||
$user = $name
|
$user = $name
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
define zulip_ops::ssh_keys(
|
define kandra::ssh_keys(
|
||||||
$keys = true,
|
$keys = true,
|
||||||
) {
|
) {
|
||||||
$user = $name
|
$user = $name
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user